How 4 Microsoft engineers proved that the “darknet” would defeat DRM

And how they nearly got fired for it.

Can digital rights management technology stop the unauthorized spread of copyrighted content? Ten years ago this month, four engineers argued that it can't, forever changing how the world thinks about piracy. Their paper, "The Darknet and the Future of Content Distribution" (available as a .doc here) was presented at a security conference in Washington, DC, on November 18, 2002.

By itself, the paper's clever and provocative argument likely would have earned it a broad readership. But the really remarkable thing about the paper is who wrote it: four engineers at Microsoft whose work many expected to be at the foundation of Microsoft's future DRM schemes. The paper's lead author told Ars that the paper's pessimistic view of Hollywood's beloved copy protection schemes almost got him fired. But ten years later, its predictions have proved impressively accurate.

The paper predicted that as information technology gets more powerful, it will grow easier and easier for people to share information with each other. Over time, people will assemble themselves into what the authors called the "darknet." The term encompasses formal peer-to-peer networks such as Napster and BitTorrent, but it also includes other modes of sharing, such as swapping files over a local area network or exchanging USB thumb drives loaded with files.

Once a popular piece of information—say, a movie, a song, or a software title—"leaks" into the darknet, stopping its spread becomes practically impossible. This, the engineers realized, had an important implication: to prevent piracy, digital rights management had to work not just against average users, but against the most tech-savvy users on the planet. It only takes a single user to find a vulnerability in a DRM scheme, strip the protection from the content, and release the unencrypted version to the darknet. Then millions of other users merely need to know how to use ordinary tools such as BitTorrent to get their own copies.

Trusted computing or treacherous computing?

Ars Technica talked to Peter Biddle, the paper's lead author, last week. The basic premise of the paper came from an e-mail Biddle circulated within Microsoft in the late 1990s. The term "darknet" was coined by co-author Bryan Willman, another Microsoft engineer. Two other Microsoft engineers, Paul England and Marcus Peinado, contributed to it.

At the time they wrote the paper, Biddle and his co-authors were working on Microsoft's "Trusted Windows" project, an effort to provide hardware-level authentication features that could make PCs resistant to tampering even by those who have physical access and control. The initiative would go under a variety of names, including Palladium, TCPA, and the Next-Generation Secure Computing Base.

Biddle, who now works at Intel but stressed that he was speaking only for himself in our interview, told us that it was a project fraught with political challenges. Inside Microsoft, people bristled at the implication that vanilla Windows was untrustworthy. Outside Microsoft, critics charged that Biddle's project represented the beginning of the end for the PC as an open platform. They feared that Microsoft would use the technology to exert control over which software could be executed on Windows PCs, freezing out open source operating systems and reducing users' freedom to run the software of their choice.

One widely discussed application for Biddle's technology was digital rights management. Building DRM atop an open, general-purpose computing platform is an inherently difficult problem. Every DRM scheme requires distributing encryption keys or other secrets to users' devices without the users themselves having access to them. But on an open PC, the user has the ability to inspect and modify essentially all data stored on the device, so DRM schemes are inherently insecure.

It was "very challenging for the PC industry to make the same kinds of statements around how secure data could be on the PC compared to closed devices like CE boxes," Biddle told us. Many hoped (or feared) that a "trusted" computing platform could dramatically improve a DRM scheme's tamper-resistance by preventing a machine's owner from inspecting sensitive encryption keys or modifying DRM code. But preventing users from modifying DRM schemes also inherently meant reducing users' control over the devices they owned. The risk of Microsoft locking down everyone's PC provoked an online backlash, with critics calling the technology "treacherous computing."

Biddle says that backlash "took us completely by surprise." He told us that his team didn't "realize the level of entrenchment and fear" about the ways Microsoft might misuse the technology. In his view, the public overreacted to what was designed to be an application-agnostic security technology. "A lot of the things that were said about trustworthy computing being treacherous were actually impossible," he told us.

“I almost got fired”

Biddle says that he and his team realized early on that DRM technology would never succeed in shutting down piracy. He hoped that writing a paper saying so would reassure Microsoft's critics in the technical community that Redmond wasn't planning to lock down the PC in order to satisfy Hollywood. And by making it clear that the people behind Microsoft's "trusted computing" push were not fans of DRM, Biddle hoped he could persuade the technical community to consider other, more benign applications of the technology he was building.

Biddle couldn't be too candid about the link between his paper and the technology he was building. Explicitly admitting that DRM schemes built on "Trusted Windows" wouldn't stop piracy might make it harder for Microsoft to persuade content providers to license its products for Microsoft's technology platforms. Biddle hoped that releasing his paper at a technical security conference would allow him to send a "dog whistle" to the technology community without raising the ire of Hollywood.

It didn't work out that way. "I almost got fired over the paper," Biddle told Ars. "It was extremely controversial." Biddle tried to get buy-in from senior Microsoft executives prior to releasing the paper. But he says they didn't really understand the paper's implications—and particularly how it could strain relationships with content companies—until after it was released. Once the paper was released, Microsoft got stuck in bureaucratic paralysis. Redmond neither repudiated Biddle's paper nor allowed him to publicly defend it.

At the same time, "the community we thought would draw a connection never drew the connection," Biddle said, referring to anti-DRM activists. "Microsoft was taking so much heat around security and trustworthy computing, that I was not allowed to go out and talk about any of this stuff publicly. I couldn't explain 'guys, we're totally on your side. What we want is a program that's open.'"

A losing battle

While Biddle and his colleagues didn't succeed in allaying the fears of Palladium's critics, the paper's central arguments have held up well. The authors predicted that the emergence of the darknet would produce a technological and legal arms race. They thought content companies and law enforcement would attack those aspects of the darknet that were most centralized, but that the darknet would adapt through greater decentralization. And they predicted that efforts to build secure DRM schemes would continue to fail. All of their predictions have continued to hold true over the last decade.

Both content companies and the US government have pursued increasingly aggressive anti-piracy strategies. The Recording Industry Association of America sued thousands of alleged file-sharers during the last decade, and content companies have sued numerous file-sharing startups out of existence. In 2010, the federal government got into the act, using the powers of the recently passed PRO-IP Act to seize domains and other assets of alleged pirate sites. And they have even begun to arrest key figures in file-sharing networks.

Yet these increased enforcement efforts have barely slowed down the darknet's momentum. A key development has been the emergence of "locker sites" that host infringing files and "link sites" that provide pointers to those files.

"The thing about the locker and link sites is that they can be very lightweight," Biddle told us. They are "not that hard to replicate because they are basically a database." That makes the network as a whole much more robust to law enforcement efforts to shut it down: close down one site and two more pop up in its place.

And while BitTorrent and Megaupload get all the attention, Biddle notes that there are other file-sharing techniques that the government is never going to stop. "Teenagers and twenty-somethings I know routinely will go over to a friend's house with a terabyte drive to swap stuff," he said. They choose the "sneakernet" approach less out of fear of liability than because it's so convenient. "You can have a ton of content on a terabyte drive," he noted.

Yet the content industry continues to try, and fail, to produce secure DRM schemes. Biddle believes this strategy has proved counterproductive because it inconveniences legitimate customers without stopping piracy.

"I'm now finding that for some kinds of content, the illegal is clearly outperforming legal," Biddle said. "That blows me away. I pay for premium cable. It's easier to use BitTorrent to watch Game of Thrones. HBO Go is trying very hard to do a good job," he said, but the user experience just isn't as good. Because HBO Go is a streaming service, he said, it's more vulnerable to network congestion than simply downloading the entire episode from the darknet.

Promoted Comments

I'm a bit surprised that an apparently smart guy like him would be surprised that a paper on the capabilities of the 'darknet' would assuage Microsoft's critics on Palladium/NGSCB/"Trusted Computing"/whatever.

Yes, because of uncontrolled distribution in the background, you can stop the movement of files through peer networks. However, that isn't actually terribly relevant:

1. Free Software(along with commercially minded 'we-remember-what-you-did-to-netscape' pessimists of MS's market power) people don't primarily care about whether "trusted computing" can stop kids from swapping burned bieber CDs and warez. They care about whether it can stop you running what you want to run on the hardware you "own". Can it? Oh yes, yes it can. Not 100% perfectly, but contemporary consoles are getting to the point where hardware attacks are necessary to execute unsigned code, iDevices are spreading the walled garden to the masses, and Microsoft is going all app-store, all the time on their ARM gear. What good is piracy if you can't buy a computer that will execute your booty?

2. Even if your primary concern is piratical, the "darknet" only saves you as long as vendors are willing to ignore legacy formats. All it takes is one person to crack the DRM and release the plaintext version; but only if available consumer devices will actually accept plaintext. Your ipad, say, will process an anonymous mp3, or h.264 video, so team Hollywood and the RIAA crowd are out of luck; but how about an unsigned .ipa file? Not happening. Even if it is 100% structurally valid, it needs an apple key, or an enterprise key, or a dev key(that matches the hardware it is running on, since those are limited to a set number of devices). You can strip all the DRM you want, you'll just have some trouble finding hardware to run it on. Windows RT will play the same game with Windows binaries.

That's the real problem. Yeah, it is impossible to make 100% of DRMed endpoints exfiltration-proof. However, your ability to make 95%+ of endpoints increasingly hostile to anything lacking a trusted DRM signature is constrained only by customer hostility, not by any technological barrier...

I'm a bit surprised that an apparently smart guy like him would be surprised that a paper on the capabilities of the 'darknet' would assuage Microsoft's critics on Palladium/NGSCB/"Trusted Computing"/whatever.

Thank you for giving me credit for being apparently smart.

This is becoming my favorite comment thread of all time. Bryan! ______ from Disney! Sweet!

I was surprised about it ten years ago. I think my surprise was comically innocent in hindsight, but so was the lack of technical depth applied by some opponents to TWC.

fuzzyfuzzyfungus wrote:

Free Software(along with commercially minded 'we-remember-what-you-did-to-netscape' pessimists of MS's market power) people don't primarily care about whether "trusted computing" can stop kids from swapping burned bieber CDs and warez. They care about whether it can stop you running what you want to run on the hardware you "own". Can it? Oh yes, yes it can. Not 100% perfectly, but contemporary consoles are getting to the point where hardware attacks are necessary to execute unsigned code, iDevices are spreading the walled garden to the masses, and Microsoft is going all app-store, all the time on their ARM gear. What good is piracy if you can't buy a computer that will execute your booty?

Palladium, as outlined by Seth Schoen at the time (an intelligent analysis that was completely ignored by detractors because it was inconveniently inconsistent with more Luddite views) and now again highlighted by Bryan in his comments wasn't actually capable of keeping SW from running on a PC.

I know it wasn't because we designed it to allow anyone to run SW that was protected from the rest of the system. The TPM is a crypto co-processor connected via the LPC bus. It had none of the (totally fabricated) privilege nor control that would let it control what SW runs on the CPU.

As I said at the time - Palladium treated the rest of Windows as a virus. This includes any SW that might want to peek into a protected environment.

Let me repeat this, to be clear: ANYONE COULD RUN AND PROTECT ANY SW ON THE SYSTEM and it would be protected from EVERYONE ELSE.

This meant that yes, Disney could make a video player which protects video files from many (but not all) kinds of attacks. (eg it didn't protect against Freon, dual-ported memory, or DtoAtoD conversions).

It also meant that you could run SW which protects you, and whatever stuff you choose to put in it, from Disney. There was no single root key model, no trust chain that MSFT controlled, and no god-privilege that would let MSFT or anyone look at protected secrets at runtime.

SW was protected from SW.

Could other people - like Apple - use similar technologies to create systems that won't run arbitrary code? Of course. But that wasn't part of our threat model and it wasn't what we were building.

So why did we do it? Because there's good to be had in protecting stuff. The darknet creates network effects for stuff that is a global secret in high demand. Lots of stuff in need of protection are not global secrets nor in high demand.

fuzzyfuzzyfungus wrote:

2. Even if your primary concern is piratical, the "darknet" only saves you as long as vendors are willing to ignore legacy formats. All it takes is one person to crack the DRM and release the plaintext version; but only if available consumer devices will actually accept plaintext. Your ipad, say, will process an anonymous mp3, or h.264 video, so team Hollywood and the RIAA crowd are out of luck; but how about an unsigned .ipa file? Not happening. Even if it is 100% structurally valid, it needs an apple key, or an enterprise key, or a dev key(that matches the hardware it is running on, since those are limited to a set number of devices). You can strip all the DRM you want, you'll just have some trouble finding hardware to run it on. Windows RT will play the same game with Windows binaries.

I agree that closed systems have those characteristics and I applaud your railing against them. I'd be deeply surprised (again!) to find that you are more committed or passionate than I about the need for open devices that will run and protect arbitrary code.

fuzzyfuzzyfungus wrote:

That's the real problem. Yeah, it is impossible to make 100% of DRMed endpoints exfiltration-proof. However, your ability to make 95%+ of endpoints increasingly hostile to anything lacking a trusted DRM signature is constrained only by customer hostility, not by any technological barrier...

When Palladium fell apart we were able to salvage a great drive encryption solution (BitLocker) from its ashes. BitLocker treats all data as equally worthy of protection and by design has to treat the possessor of a PC as a potential attacker. I'm quite proud of that.


Timothy B. Lee
Timothy covers tech policy for Ars, with a particular focus on patent and copyright law, privacy, free speech, and open government. His writing has appeared in Slate, Reason, Wired, and the New York Times. Email: timothy.lee@arstechnica.com // Twitter: @binarybits

"Outside Microsoft, critics charged that Biddle's project represented the beginning of the end for the PC as an open platform. They feared that Microsoft would use the technology to exert control over which software could be executed on Windows PCs, freezing out open source operating systems and reducing users' freedom to run the software of their choice."

These are coincidentally the same concerns that keep getting raised about Windows 8!

It isn't concerns about Windows 8, it's concerns about Secure Boot (which Microsoft requires for Windows 8.) I noted that in my first post.

While I was thinking of the secure boot, I was also referring to concerns about Microsoft eventually ditching the open desktop part of Windows and leaving just their App Store behind as the only way to install programs. I'm astounded at how a paper from 10 years ago could, in one paragraph, sum up most of the fears about Windows 8 today.

Why don't you also think Apple might do this? Because Apple also has an Application Store. They would in the future make it required you sell applications for their operating system through them, not like they don't have a problem doing that, considering they did exactly that with iOS.

If I plant an Apple tree it creates Apples for free. My neighbor cannot come into my yard and steal my Apples. He could steal an Apple, plant the seeds in the Apple Tree, and while its not exact clone ... would have an Apple Tree.

...yet people would not defend the neighbor action.

So... he -buys- the apple. There is then no theft. And... he plants the seeds.

That's not theft. (Although it may well be patent infringement, because patent law is also fscked.)

I'm slowly but surely buying into the subscription model. I do like netflix (even though I am quickly getting to the end of useful content) and just got the free month of XBox music pass which I will likely subscribe to for allowing me to download and keep any music I have ever wanted on my phone, PC etc. for less than the cost of 1 album/month.

I agree with the HBO comment made earlier. I pay for premium cable and still download the shows. I would happily dump the service for a subscription download equivalent.

Between netflix and XBox music pass I get most of what I need [barring the fairly limited netflix library] for just $20 a month. Now if I could drop or swap my $60/month cable service for a version of netflix that has the latest premium cable shows on it I would be a happy man with no need to ever resort to the darknet

There are some people in this world who would take everything, produce nothing, and want everything for free.

Luckily those people are not really the norm and as such have a much less significant impact than the rest of us. I would worry more about catering to the people who are willing and able to pay you for your work, than focusing on those that won't just because they exist.

Why don't you also think Apple might do this? Because Apple also has an Application Store. They would in the future make it required you sell applications for their operating system through them, not like they don't have a problem doing that, considering they did exactly that with iOS.

True, the very concerns have been expressed about OS X, and Apple's implementation of an App Store in it similar to iOS, but the paragraph I quoted immediately reminded me of Microsoft's situation with Windows 8. I wasn't trying to imply it's a problem unique with Microsoft.

I never said it was. I am saying there must be a way to protect the rights of people who produce the source material ( I will avoid the term content since somebody else has a problem with that word ). They have a right to be paid for creating that material by everyone who wants to either use, view, or consume their material or product.

Again, I disagree. You are speaking in absolutes that are not true for any market. If what you were saying were true, then when I buy a copy of Lord of the Rings on BluRay and lend it to my friend, my friend should be paying the company for that copy, since he is using, viewing, and (sort of?) consuming it. If you think that's the case, I think you're nuts (I suspect you don't).

Quote:

If I plant an Apple tree it creates Apples for free. My neighbor cannot come into my yard and steal my Apples. He could steal an Apple, plant the seeds in the Apple Tree, and while its not exact clone ( neither are copies of television shows of the source material at least ) would have an Apple Tree.

This wouldn't cost any money to the neighbor to do. The only cost would be of the Apple Tree I bought or produced. Its not a digital item of course, and copying a file is not theft, yet people would not defend the neighbor action.

I think the better analogy would be that he comes into your yard, picks up from the ground a rotting, nasty apple covered with flies that no one will ever eat, and then plants those seeds. Then he proceeds to grow his own apple tree, but he never sells those apples, he only gives them away. And when he does, everyone that takes them knows that they're TheDarkerPhantom (TM) apples. Thus, you haven't lost anything, he hasn't gained anything, and your brand name is still casting a wider net.

I think it's really case by case as to whether or not I'd defend that. If you wouldn't sell apples to Jim because he lives in the wrong apartment building, and he takes one of the "copied" apples, I'd defend him. The equivalent, of course, being unserviced regions and the like.

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

There are legitimate anti-DRM arguments; 'you make enough money, why are you bitching about piracy' is not one.

It is when the statistics show that the people that download your content are the ones that also spend the most money on it.

Interesting how one can collect such reliable stats, and yet unable to find the IP address that goes with a particular downloader.

If I plant an Apple tree it creates Apples for free. My neighbor cannot come into my yard and steal my Apples. He could steal an Apple, plant the seeds in the Apple Tree, and while its not exact clone ... would have an Apple Tree.

...yet people would not defend the neighbor action.

So... he -buys- the apple. There is then no theft. And... he plants the seeds.

That's not theft. (Although it may well be patent infringement, because patent law is also fscked.)

In my example the owner of the house buys the Apple Tree and the neighbor simply steals the Apple and plants the seeds. I used the example of a Farmer, since you have a problem with this, silly example.

TheDarkerPhantom wrote:

If these guys sold anything other than Digital content, and if 90% of their product wasn't paid for, then they would likely go out of business.

That's irrelevant, since one major advantage of digital is that it's non-rival.

Quote:

I don't consider a 90% rate of piracy acceptable nor properly compensating them for their work.

The piracy rate doesn't affect their profit. The number of sales does. Also, please stop using the word 'compensate', as they aren't being harmed by people enjoying their work.

kranchammer wrote:

There are legitimate anti-DRM arguments; 'you make enough money, why are you bitching about piracy' is not one.

Apparently you missed the actual argument. You can sell 1,000 copies and only have it pirated a 100 times, or you can sell 10,000 copies and have it pirated 100,000 times. Which do you choose if you don't suck at math?

Ostracus wrote:

Aren't there satellite and cable schemes not yet broken? And even the PS3 scheme took several years to be defeated. Much like there isn't perfect security online, or off, and yet people continue the "pointless" exercise. DRM isn't about being perfect, nor eternal.

I'm pretty sure that a number of Free-to-air satellite boxes provide realtime access to all of the paid channels. More importantly, anything on satellite or cable is quickly placed on the internet. There might be some obscure satellite company that hasn't been broken, but they don't demand the kind of audience to get any significant exclusive audience.

TheDarkerPhantom wrote:

They have the ability to take those people who sell knockoffs to court.

Everyone has a problem when some content provider attempts to sue people, who downloaded their content without paying them, for some reason digital content is different than a physical product. Some reason people are able to defend piracy, yet if it was a physical good, most ethical and moral people would object to stealing it.

Not really. The only legit means of fighting knockoffs they have is trademark. As long as they don't use the logo, you can totally rip off the design scot free.

And yes, digital content is different than physical product. Digital is not scarce, so the economics are completely different.

Strike 2 is for using 'moral', 'ethical', and 'stealing' in an argument about copyright. Copyright is only justified as a practical system, so it's no more a moral issue than jaywalking. Don't think of it as an abstract property, think of it as an indirect subsidy on creativity. It's actually a weird economic backwater that we've just internalized. It doesn't make that much sense when you actually analyze it, which is why a lot of arguments are based on a poorly thought out moral argument that grossly misunderstands why certain systems work the way they do. However, since it's a moral argument, it's a lot less subject to critical thinking.

There's a reason that doesn't happen outside the digital realm. Physical items actually cost money to reproduce, even illegally. However, copying digital items cost almost nothing. Perhaps trying to call copies a "product" when you don't have the [nearly] exclusive ability to reproduce it is the problem.

So because it's not a product and can be copied it's alright not to pay for it?

You've got this totally backwards. You think that there should be compensation for each and every copy in circulation. How the hell do you handle that? Given the circumstances of the current status of things, that's just not a realistic approach. You have to completely rethink your perspective on this. The plain and simple truth is, that content is speech. Speech is an action. The content industry (Ars Technica for instance) sells action. Selling an action is a service. You offer to perform an action for pay. That is what the content industry has been refusing to acknowledge for centuries now. Once they admit that and embrace it, they no longer have to concern themselves with people making copies of anything they worked on for pay.

Nothing highlighted how misleading and irrelevant "piracy" numbers are, in this silly DRM war on customers, as when I saw some claims of 80%+ piracy rates for iPhone games.

Yet only an estimated 10% of users jailbreak their iDevices, which would be required to engage in piracy.

So developers aren't losing 80% of their revenues to "piracy" as they often will claim. At worse they are potentially losing 10%(still likely high as not every jailbreaker is a "pirate"), at least in the case of iPhone, and I would bet on other platforms as well, but it isn't as demonstrable there.

That logic only works if the distribution of people using a specific product is even across all demographics - it rarely is. An iOS game could easily have a high piracy rate if, say, the majority of the audience are geeks, geeks are more likely to jailbreak than average, and the vast majority of jailbreaks are for piracy. (I'm not saying that's true - I don't have any stats at hand - I'm just using it as an example.)

I recently bought three movies in preparation for a movie marathon I was hosting.

I bought one movie via Amazon VoD but it turns out Amazon doesn't let you stream their HD movies to an HTPC (you need a PS3, Roku, XBox or some other approved product).

I bought the second movie as a Blu-Ray disc at my local target and then discovered that playback support for HTPCs is horrible. The bundled software that came with my Blu-ray drive was horrendous in playback and several versions older than what's currently available. But there are very few alternatives (no free ones) because you have to pay for a license to develop Blu-Ray playback software.

So even though I paid for legal copies of both movies, I went and pirated them both anyway so I could watch them on my HTPC. It was incredibly easy to obtain and play back the pirated copies. The DRM Hollywood has in place to stop me from pirating movies was EXACTLY what caused me to pirate them, EVEN AFTER I PAID FOR THEM.

Guess how I got the third movie? Universal Pictures, send me a bill and I'll pay it, but keep the disc - I don't need it.

Again, I absolutely disagree. You are speaking in absolutes that are not true for any market. If what you were saying were true, then when I buy a copy of Lord of the Rings on Blu Ray and lend it to my friend, my friend should be paying the company for that copy, since he is using, viewing, and (sort of?) consuming it. If you think that's the case, I think you're nuts.

I actually wrote an ethics paper on this very subject. I argued that it was strange that digital content could not be shared with friends, even though the physical product can be, and often was when that was the only option. I actually used the specific examples of a music file and music CDs, this was back in 2001 and Napster, so the context made sense at the time.

Cymbaline wrote:

I think the better analogy would be that he comes into your yard, picks up from the ground a rotting, nasty apple covered with flies that no one will ever eat, and then plants those seeds. And then he proceeds to grow his own apple tree, but he never sells those apples, he only gives them away. And when he does, everyone that takes them knows that they're TheDarkerPhantom (TM) apples. Thus, you haven't lost anything, he hasn't gained anything, and your brand name is still casting a wider net.

In this example the Apple you take could have been sold to somebody. Even if it was rotten I could have used those seeds myself, and given them away ( Hulu ).

Quote:

In any case, I think it's really case by case as to whether or not I'd defend that. If you wouldn't sell apples to Jim because he lives in the wrong apartment building, and he takes one of the "copied" apples, I'd defend him. The equivalent, of course, being unserviced regions and the like.

I would agree that a producer of a product cannot both complain about people not paying for their product and not provide a method to view that content. I am not talking about a method WE deem unacceptable, I am talking about having NO method, that other producers of content have no problem offering.

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

There are legitimate anti-DRM arguments; 'you make enough money, why are you bitching about piracy' is not one.

It is when the statistics show that the people that download your content are the ones that also spend the most money on it.

Interesting how one can collect such reliable stats, and yet unable to find the IP address that goes with a particular downloader.

I am indeed saying less would be produced. I am only against piracy and this flawed social acceptance that consumers seem to have with regards to it.

The producers might not be on the same page as the consumers at times ( stupid restrictions and all that jazz ) but they just want to be paid for what they produce or service they provide.

You said - in essence - that nothing would be produced and saying that less will be produced you haven't provided even circumstantial evidence for. Even if there was a reduction, would the reduction be in quality products, or in the "me too" section of products? I don't believe you have a leg to stand on when throwing around terms like "flawed social acceptance".

I've also never once indicated I'm pro piracy, I'm one of the many that gladly pay for quality products, even though I could likely get away with not doing so. The fact of the matter is that if I enjoy say a TV show, and I was to pirate it rather than pay for it, and it subsequently got cancelled, I would legitimately feel partially responsible. I see paying for the content as my "vote" to keep that content going, or as a way of saying "thank you" to the creators for making it in the first place. I just think that your black-and-white view is limited and incorrect. If you provide a good incentive and a reasonable price, not only will people pay, but the majority of people will pay, rather than try to cheat you. I personally quite like this viewpoint. It's not that piracy isn't a problem, it's that DRM etc. is a flawed way of combating it. And you will never get rid of it completely, so why spend effort on it that could be better spent providing a better experience for those that *will* pay?

I recently bought three movies in preparation for a movie marathon I was hosting.

I bought one movie via Amazon VoD but it turns out Amazon doesn't let you stream their HD movies to an HTPC (you need a PS3, Roku, XBox or some other approved product).

That's not 100% true - I'm guessing you probably have a Linux-based HTPC? I've streamed Amazon's HD content to my HTPC, but it was through Firefox on a Windows 7-based HTPC, so I'm curious if Amazon blocks other operating systems and/or browsers.

In my example the owner of the house buys the Apple Tree and the neighbor simply steals the Apple and plants the seeds. I used the example of a Farmer, since you have a problem with this, silly example.

Yes, I did manage to read that.

But the piece of the example that you're pointing at and saying "Everyone disagrees with this, right?" is the theft of the apple not the planting of the new tree.

Stealing the apple: Wrong. And obvious. And probably 80-90% agreement from everyone on this.
Conducting a no-coercion, no false advertising fair trade for the apple (in which -both- sides are happier) -> No foul there.

Planting the seeds of a stolen apple -> Still wrong because of the theft. Still from The Land of Duh.
Planting the seeds of a fairly bought apple -> You're claiming this is wrong.

I'm not arguing "Let's steal more apples!", I'm saying your analogy is completely non-helpful to your case. It is, in fact, actively detrimental to the case through guilt by association.

I am NOT at all *advocating* unauthorized copying (as distinct from piracy, which I am *very, very much* against)...

But to those pooh-poohing the "You get your money, so don't complain about torrents" position, bear in mind that just because no free version of a product exists, that doesn't mean a user will pay money to have it.

I've admittedly downloaded a game for free before (Spore), but if that free copy hadn't been shared with me, I would not have instead bought the game... [especially knowing what I know after having played it for a bit and then deleting it.] :v

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

There are legitimate anti-DRM arguments; 'you make enough money, why are you bitching about piracy' is not one.

It is when the statistics show that the people that download your content are the ones that also spend the most money on it.

Interesting how one can collect such reliable stats, and yet unable to find the IP address that goes with a particular downloader.

This is a complex research task. The ways in which consumers access and share copyright material online change regularly, and infringement levels in particular are notoriously difficult to measure.

Quote:

That said, as with all approaches to research, consumer surveys have limitations. In particular they rely on participants reporting their behaviour accurately and honestly - a sensitive issue in areas involving unlawful behaviour.

Steam is a form of DRM, yet people are alright with it, even if Valve can lock your account no matter how many games you bought from them.

Not everyone likes Steam. I buy DRM free games from GOG instead, and buy the DRM-free Humble Indie Bundles, and support DRM-free projects on Kickstarter. I don't buy games from Steam. The fact that they could lock my account (or go out of business and shut down) is why I don't buy from them.

Even if I don't really care much about protecting my access to a particular piece of software, supporting any DRM system sets a bad precedent and moves the world in the wrong direction. We should be working to make information less proprietary and finding more efficient ways of funding the initial (expensive and difficult) creation without the need to put artificial costs or restrictions on the distribution of copies. DRM is an attempt to apply the inherent limitations of physical objects to information, where such limitations do not inherently exist, and are fundamentally detrimental.

The thing that publishers should always keep in mind is that even if they don't sell a DRM-free version of the game anywhere, that doesn't mean a DRM-free version won't be available. It just means they won't get paid for it. I'm happy to pay for software. I like games and want to support the people who make them, but I consider it immoral to support DRM.

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

This is such a terrible argument. They made a great product, and with everyone that played it, they deserve much more than they got.

You're right that they deserved more than they got. The thing is, what could they have done to get more than they did? The pirates were going to pirate it, not buy it, no matter what. DRM doesn't keep people from pirating content, and it doesn't make pirates pay for content. Lawsuits don't work either. Ultimately what you have to do is get on the customer's good side and inspire goodwill to make them want to pay you.

I'm a bit surprised that an apparently smart guy like him would be surprised that a paper on the capabilities of the 'darknet' would assuage Microsoft's critics on Palladium/NGSCB/"Trusted Computing"/whatever.

Yes, because of uncontrolled distribution in the background, you can stop the movement of files through peer networks. However, that isn't actually terribly relevant:

1. Free Software (along with commercially minded 'we-remember-what-you-did-to-netscape' pessimists of MS's market power) people don't primarily care about whether "trusted computing" can stop kids from swapping burned bieber CDs and warez. They care about whether it can stop you running what you want to run on the hardware you "own". Can it? Oh yes, yes it can. Not 100% perfectly, but contemporary consoles are getting to the point where hardware attacks are necessary to execute unsigned code, iDevices are spreading the walled garden to the masses, and Microsoft is going all app-store, all the time on their ARM gear. What good is piracy if you can't buy a computer that will execute your booty?

2. Even if your primary concern is piratical, the "darknet" only saves you as long as vendors are willing to ignore legacy formats. All it takes is one person to crack the DRM and release the plaintext version; but only if available consumer devices will actually accept plaintext. Your iPad, say, will process an anonymous mp3, or h.264 video, so team Hollywood and the RIAA crowd are out of luck; but how about an unsigned .ipa file? Not happening. Even if it is 100% structurally valid, it needs an Apple key, or an enterprise key, or a dev key (that matches the hardware it is running on, since those are limited to a set number of devices). You can strip all the DRM you want, you'll just have some trouble finding hardware to run it on. Windows RT will play the same game with Windows binaries.

That's the real problem. Yeah, it is impossible to make 100% of DRMed endpoints exfiltration-proof. However, your ability to make 95%+ of endpoints increasingly hostile to anything lacking a trusted DRM signature is constrained only by customer hostility, not by any technological barrier...

Bottom line in my opinion is that DRM needs to disappear forever and be made illegal.

It does NOT keep the true pirates (those who have enough disposable income to afford the things in question and pirate anyway) from getting those products for free. It ONLY affects the legitimate buying public and that is why it should be made illegal.

To TheDarkerPhantom, there is a reason why people defend piracy: no actual physical loss = not stealing in the slightest.

At best, it is termed copyright infringement which is NOT a crime but a civil matter unless there is some 'selling for profit' there.

Much of piracy is also equivalent to trading DVD's and CD's with friends 10 years ago, it's just that today that friend can be halfway across the world.

For DRM to be effective it doesn't have to be foolproof. The purpose of DRM is simply to eliminate a reality where general or even inept users readily have access and choose pirated content.

This mindset that it's just a "copy" so it doesn't affect anything is narrow and shortsighted. It's only applicable in the current reality where DRM does exist. DRM for the most part along with malware and ignorance acts as an effective barrier against a reality where pirating content becomes a ubiquitous practice.

In a reality where piracy is everywhere and anywhere, the original product will have the same monetary value of the free copies that spring from it. Nothing.

From a technical point of view it would seem impossible to fight the engineering of highly proficient hackers and developers. It's an uphill battle they cannot win, sort of like a parallel to Sisyphus: they strive and they stress to get that boulder up the hill, but once up there it gets pushed back down.

The only way to fight piracy is to compete with it. The only way to do this is to kill the traditional (or archaic is more like it) content distribution network across the world. TV network contracts in particular and the pushed back release dates of films in theatres worldwide based upon where the film is released.

For instance: "Game of Thrones" is an internationally acclaimed show. If the digital distribution services worldwide released on the same day, on the hour, for a fair price, it would be a spectacular success and the sharing of individual episodes in P2P services such as BitTorrent would substantially decrease (since most common people don't store the episodes and would just use the direct digital service).

Another example: "Wreck it Ralph" hits theaters here in Norway in the first quarter of 2013. If a high quality release hits the scene before that time then fudge it; I won't see it in theaters. But if it was released the same time as it was in the US (in English of course) me and a small gang would go wholeheartedly to see it in theaters, effectively raising the profit margin of the film.

The biggest problem with anti-piracy is that it only serves to protect and maintain old and outdated business models that are lagging behind the digital revolution. This of course is because distribution companies are the rulers in a world of content producers and the idea is to make the distributors happy. I say nuts to the distributors: they are not in charge of quality control nor product development, only funding, and this can be easily worked around.

This is a complex research task. The ways in which consumers access and share copyright material online change regularly, and infringement levels in particular are notoriously difficult to measure.

Quote:

That said, as with all approaches to research, consumer surveys have limitations. In particular they rely on participants reporting their behaviour accurately and honestly - a sensitive issue in areas involving unlawful behaviour.

The logic behind it is very simple and very reasonable. The more content a person is exposed to, the greater chance they will become enthralled by an author/artist/etc. and proceed to buy things from them. The P2P model makes fans out of those that would otherwise never have known of those works.

Is it better for a person to consume $10K worth of content that costs the creators $0 to be copied through file sharing and have them get $1K in return or is it better to get $500 from people that never consume anything they don't pay for? Come on, which number grosses bigger? $1,000-$0=$1,000 vs $500-$0=$500?

I similarly use pirate sites as a more convenient way to get content I already own, or content that's on a service I pay for. The entire industry could learn a lot from Valve. Piracy is a service problem, and if you provide a good service piracy becomes less of a concern; Russia is Valve's second largest market.

There are so many sites that say if you allow commercials or ads you get to access the site for free. Many apps on Android have the same features. So I pay for internet, used to pay for cable three years ago. Not so long ago we received our entertainment through antennas or rabbit ears, which I paid for, free and the commercials paid for the entertainment. Cable strung out long ago has been paid for. Why should I pay for cable, then put up with watching ads? Give me cable for free and I'll put up with the ads. I refuse to pay for cable knowing that I'm paying for the ads. Doesn't sit well with me. So to remedy this I also download ad free shows, and watch at my convenience. Most shows I get within 5 min. Don't need to have my cable box on either. Waiting for cable to get with it and let me pay for channels I want, no packages. So far I've saved $2500 for not using ad based cable. It's so hard for cable to figure out a new business model that customers and cable could have a win-win, instead of customers thinking they're getting gouged and looking for other means.

And they predicted that efforts to build secure DRM schemes would continue to fail. All of their predictions have continued to hold true over the last decade.

Aren't there satellite and cable schemes not yet broken? And even the PS3 scheme took several years to be defeated. Much like there isn't perfect security online, or off, and yet people continue the "pointless" exercise. DRM isn't about being perfect, nor eternal.

They have been cracked. Numerous times. Don't you remember the cable de-scramblers? Or "hacked" DirecTV boxes? Sure, some of these have been "neutralized" by the cable/satellite companies, but new solutions pop up all the time. This is the "cat & mouse" game that they were talking about.

"It's unsustainable for a mass of people who have no real stake in the product or market (except a parasitical one) to decide how much money a creator should make."

It's also apparently unsustainable for the middle man to decide on the price points for a media market. Yet that is where we sit today. The middle man attempting to ignore market forces and yet tightly control a market.

You see the mass of people you mention DO have a stake in the market. Not understanding that point could be a fatal flaw.

I keep seeing people say they want access to their DRM content without the DRM, so that access is never lost, which I completely agree with. But what if the company charges a fraction of the cost, but maintains its DRM on it, would that be a fair trade off? Instead of paying 99cents for a song with DRM, you would pay 20 cents. The 99 cent version would be free of DRM?

Just a thought I'm curious about. Personally, I wouldn't mind paying less to have DRM on my content.

I'm not blind enough to say there will never be a DRM system that will work. I know we like to believe what we believe, but there is always more than one right answer. Just because Hollywood can afford to have people pirate a bunch of their products, doesn't mean it's ok to do it. If I work hard to be in the 98% and someone wants to take 40% of my income in taxes, just because I make more, I should more people than the ones being hurt would cry boo. It's my money that I worked for, and if I don't want my money to go to government programs I don't believe in (no matter how good they are) then I shouldn't have to have much higher takes just because I make more. I should be able to decide where my money goes.

That being said, I hate almost all DRM systems because they are so ridiculous; I will continue to use BitTorrent to avoid this nonsense. But pirating stuff because Hollywood and Microsoft make too much is worse than DRM.

The defense of "I would never have purchased in the first place" is again a lame duck excuse, if you would never purchase the content, why are you viewing the content in the first place?

It's a value proposition. I'd be interested in seeing The Life of Pi in the theaters at $10. I'm not willing to pay $50 for the experience. I'm not terribly interested in paying $10 to see the new Bond movie, but if a friend brought a copy of the movie over to my house, I'd probably watch it.

But pirating is more akin to sneaking into the theater to watch the new Bond flick.

I'm fully admitting to setting up a straw-man here, but similar arguments can be made for sneaking in and piracy:

"Well, the theater was showing the movie whether I was in there or not, and since I wouldn't have paid $10 to watch that movie anyway, they aren't really losing any money."

In this scenario, the cashier and ticket takers are the DRM:

"They should just get rid of the cashiers and ticket takers. If people really want to sneak into a movie, there's no way to stop them. All the cashiers and ticket takers do is make the paying folks have to wait in line while the sneakers get all the good seats. They should just put a jar by the door. Most people are good and honest and would put their $10 in the jar."

I am certainly no fan of DRM, and I agree with the article's premise that it will always be cracked by those who are determined enough. Working around DRM just has to be enough of a hassle that most people will "wait in line and buy the ticket" for it to be successful from a media company's point of view, though.

It's not copying a table or chair, and it's not growing an apple tree. There are no really good analogies for the situation, the closest you can get is theft of services. My neighbor pays a monthly flat rate for garbage pickup and is allowed to put out 5 bags every week. If he puts out only two, is it theft if I put three of my own with his? Of course it is.

At the end of the day, copyright law is contract law, which itself is an extension of the right to free association. Parties A and B enter into a contract. Party C has no say in the matter. When party B violates the contract by giving a copy to party C, the INTENT of copyright law is to hold party B responsible for the violation, and to also cause party C to be entered into a contract with party A to discourage further violations. If you don't like the terms of the contract, you don't have to enter it.

FWIW I absolutely hate the living hell that DRM makes life for someone like me. I spent a great deal of money on my home theater, and had to spend a bunch more giving it DVR capability for digital cable. My HTPC sits between my cable box and my receiver, capturing via a huge bundle of cables going in and out of a Hauppauge Colossus, thanks to HDCP. Automated recording is still a huge PITA thanks to EPG and channel changing issues with the STB.

My solution is to simply cancel cable TV, not to start pirating, because regardless of what I personally feel about the contract terms, I respect the rights of those that entered into it.

The defense of "I would never have purchased in the first place" is again a lame duck excuse, if you would never purchase the content, why are you viewing the content in the first place?

It's a value proposition. I'd be interested in seeing The Life of Pi in the theaters at $10. I'm not willing to pay $50 for the experience. I'm not terribly interested in paying $10 to see the new Bond movie, but if a friend brought a copy of the movie over to my house, I'd probably watch it.

But pirating is more akin to sneaking into the theater to watch the new Bond flick.

I'm fully admitting to setting up a straw-man here, but similar arguments can be made for sneaking in and piracy:

"Well, the theater was showing the movie whether I was in there or not, and since I wouldn't have paid $10 to watch that movie anyway, they aren't really losing any money."

In this scenario, the cashier and ticket takers are the DRM:

"They should just get rid of the cashiers and ticket takers. If people really want to sneak into a movie, there's no way to stop them. All the cashiers and ticket takers do is make the paying folks have to wait in line while the sneakers get all the good seats. They should just put a jar by the door. Most people are good and honest and would put their $10 in the jar."

I am certainly no fan of DRM, and I agree with the article's premise that it will always be cracked by those who are determined enough. Working around DRM just has to be enough of a hassle that most people will "wait in line and buy the ticket" for it to be successful from a media company's point of view, though.

My principal view is, I pay to watch the movie, not to pay for the advertisements. Until the industry learns that, I don't frequent the theaters. There's enough copies floating around my town, and that doesn't mean online piracy. I do believe it's not against the law to borrow a copy. Heck we just download from each other's computers online using IRC or any program for messaging. Hell anyone remember going around the neighborhood and trading comics? Right, bring on the DRM Gestapo and stop the comic trade. My daughter and her friends all share books, you can't stop piracy, it's a joke. The minute you share something you have stopped a sale from happening. So long I hear a helicopter hovering above my house.

As long as the industry relies on "streaming" as a way to "control" their content, there will be piracy. Until I am able to watch an entire show wherever I am then their distribution is flawed and other means will be pursued.

As long as telcos and ISPs are restricting/limiting access, streaming will be inferior. As long as it is inferior piracy will occur.

We have no idea how much it cost the developers of World of Goo to create their game. Who are we to decide as customers, of their product, when they have been properly remunerated. Why don't we just not view their content, leave without their content, why must we view their content for free?

I think you have been properly remunerated for your work. What if you were forced to provide that service and/or good to the community of Ars Technica for free, how do you feel about that?